Ask stories

The core idea is Minimal task model + programmable behaviour — a small core that enables unlimited features, since each task can carry executable scripts.

Recent updates:

- VM now uses NaN-boxing technique.

- All stack values are 64-bit (u64) but encode 5 distinct types: Boolean, String, CallData, U32, and MemSlice (25-bit offset + 25-bit size).

- Added InlineVec — a vector-like structure backed by a fixed-size array. The VM stack, control stack, call stack, and jump stack now use it with defined limits. - VM has memory now (heap). Memory is simple Vec<u64>, grows dynamically, but technically length is restricted by mem_slice_val format: 25 bits payload for offset and size

Project is still in absolutely early stage.

Repo is here: https://github.com/tracyspacy/spacydo

My Google account has been suspended from GCP since March 2024.

I have submitted multiple appeals through ts-consult@google.com over 2 years. Every time I get the same automated template asking me to explain, I reply with details, then nothing. No human ever responds.

Case: #1-8622000037271

Timeline: - March 2024: Suspended, appeal submitted - April 2024: Automated requests for info, I replied - Nov 2024: More automated emails, I replied again - Dec 2024 - now: Complete silence

I am a CS researcher at UC Berkeley. This has seriously impacted my work.

Has anyone successfully gotten Google to review a GCP suspension appeal? How do you reach a human?

I’ve noticed that most physical scientific and graphing calculators are easily outdone in terms of performance, capability and ease of use by the likes of Desmos and the default calculators on OS’es like the iOS, Android, and Windows.

It kind of makes me wonder whether people still use physical calculators from Texas Instruments, Casio, etc

If you do, I’d love to know why and how it is different/better for you than the ones I’ve mentioned and others like them and vice verse.

Cheers!

Hi HN,

I’m working on AI agents used for software development. These agents automatically spin up short-lived app instances – for example per pull request, per task, or per experiment – each with its own temporary URL.

Auth is handled in the standard way:

- OAuth2 / OIDC

- external identity provider

- redirect URLs must be registered in advance and be static

This clashes badly with short-lived apps:

- URLs are dynamic and unpredictable

- redirect URLs can’t realistically be pre-registered

- auth becomes the only non-ephemeral part of an otherwise fully automated workflow

What I see teams doing instead:

- disabling real auth in preview environments

- routing all callbacks through a single stable environment

- using wildcard redirects or proxy setups that feel like hacks

This gets especially awkward for AI dev agents, because they assume infrastructure is disposable and fully automated – no manual IdP config in the loop.

So I’m curious:

1. If you use short-lived preview apps, how do you handle real auth?

2. Are there clean OAuth/OIDC patterns that work with dynamic URLs?

3. Is the static redirect URL assumption still the right model here?

4. What actually works in production?

Looking for real setups and failure stories, not theory.

Salutations HN!

I’ll keep it simple, has anyone known of or been a part of a co-op of software engineers? And if so, how did it go?

I’m curious because it seems like the vast majority of early capital raises seem to go to paying for software development, and a small group of engineers could (in theory) output a few million dollars worth of value. It might not be attractive to VCs but it could probably form a business that lets coop members lead very comfortable lives.

I’m a DevOps engineer and recently started experimenting seriously with AI-assisted coding to see how useful it actually is in real work.

It checks:

- HTTPS redirects - SSL certificate validity - Mixed content - basic security headers - HTTP/3 support

AI helped a lot with speed — scaffolding, boilerplate, and quick iterations. But testing, edge cases, and reviewing security-related logic quickly reminded me that AI doesn’t replace understanding. You still own every line of code you ship.

This is mainly a learning project, not meant to replace full security scanners. I’d appreciate any feedback, bug reports, or thoughts on what’s missing or misleading.

Check it out: https://httpsornot.com

Hello those who still read forums.

I have recently graduated from a college and started working as a junior dev (trying to consume as much knowledge from senior colleagues as I can now) and it seems that the real world is kind of a different story compared to the college practice.

In the college we've been taught about design patterns and all these responsibilities like domain, application, infrastructure, UI. Domain should never depend on infrastructure or application layer and so on. But the projects I got have domain that depend on infrastructure and another one where application has a reference directly to infrastructure and been told that this is correct implementation... doh..

I think I was kind of a good at listening for the lectures, but I now am doubting about, whether it was worth learning stuff at all lol since it's so controversial out there. I am, of course, in no position to question senior dev, but what do you guys think - is it really normal that all the college so called "best practices" go straight to the trash bin or am I just misunderstanding the real-work-like context?

I've read many mind-boggling stories from those appeared to be genuine OpenClaw users, like how their assistants (from useful to dramatic) (1) plan a travel and book everything; (2) started a company and build things; (3) entered stock market and lost all the money... Moltbook added more funs.

Interestingly, I cannot find a single user of OpenClaw in my familiar communities, presumbly because it takes some effort to setup and the concept of AI taking control of everything is too scary for average tech enthusiasts.

I scan through comments on HN, many of which were discussing about the ideas, but not sharing first-hand user experiences. A few HN users who did try it gave up / failed for various reasons:

- https://news.ycombinator.com/item?id=46822562 (burning too many tokens)

- https://news.ycombinator.com/item?id=46786628 (ditto + security implication)

- https://news.ycombinator.com/item?id=46762521 (installation failed due to sandboxing)

- https://news.ycombinator.com/item?id=46831031 (moltbook didn't work)

I smell hype in the air... HN users, have any of you actually run OpenClaw and let it do any things useful or interesting? Can you share your experience?

Hi HN — I’m exploring an idea and would love your feedback.

I’m a builder and user of Obsidian, validating a concept called Concerns. Today it’s only a landing page + short survey (no product yet) to test whether this pain is real.

The core idea (2–3 bullets):

- Many of us capture tons of useful info (notes/links/docs), but it rarely becomes shipped work.

- Instead of better “organization” (tags/folders), I’m exploring an “action engine” that:

  1.detects what you’re actively targetting/working on (“active projects”)

  2.surfaces relevant saved material at the right moment

  3.proposes a concrete next action (ideally pushed into your existing task tool)

Before writing code, I’m trying to pin down two things:

- Project context signals (repo/PRs? issues? tasks? calendar? a “project doc”?)

- How to close the loop: ingest knowledge → rank against active projects → emit a small set of next-actions into an existing todo tool → learn from outcomes (done/ignored/edited) and optionally write back the minimal state. The open question: what’s the cleanest feedback signal without creating noise or privacy risk? (explicit ratings vs completion events vs doc-based write-back)

What I’m asking from you:

1.Where does your “second brain” break down the most?

capture / organization / retrieval / execution (If you can, share a concrete recent example.)

2.What best represents “active project context” for you today?

  task project (Todoist/Things/Reminders)

  issues/boards (GitHub/Linear/Jira)

  a doc/wiki page (Notion/Docs)

  calendar

  "in my head"

3.What’s your hard “no” for an AI that suggests actions from your notes/links? (pick 1–2)

  privacy/data retention

  noisy suggestions / interruption

  hallucinations / wrong suggestions

  workflow change / migration cost

  pricing

  others

I can’t name a single software application or software feature that has been mooted by AI. Zero. Take Excel as an example. Not only has AI failed to replace Excel in its entirety, but it has also failed to replace any of its features. AI was simply appended as an additional feature in the form of an agentic chatbot. This has been the trend across the entire industry, and it’s why AI has failed to fundamentally transform any of our exiting software application.

Now you might ask: what about AI native applications? Well, as it turns out, most of them are essentially clones of existing software but with a chatbot slapped on top. Because of the error prone nature of AI, any application that leverages it also has to surface all of the controls required to override all of its decisions. So you end up with a traditional software application plus AI.

AI promised to transform and even replace software applications, but all it did instead was augment them with an unreliable chatbot. All of the old fields and buttons are still there, but now there’s an additional text field that you can type into and hope for the best.

So I'm trying to submit a resume to Apple, but to do so, I need an AppleId. Okay. I try to sign up for one and discover my phone number has been used by someone else. I dropped into the local Apple Store (who supposedly have the ability to reset or create AppleIds) but, spoiler alert, after two hours they couldn't figure out why my phone number won't work.

Does anyone know if there's a way to create an AppleId w/o a phone number? Apple's public docs say it's impossible.

Maybe there's an email alias I can use to submit my resume instead of buying an iProduct?

I guess I could get a dirt cheap sim for my (non-apple) phone and use it for a day, just to sign up for a new AppleId. But somehow this seems... wrong. It also seems unreasonable for a company to force me to buy an $1000 device just for the privilege of submitting my resume.

[edit: Forgot to mention, I own precisely zero iProducts.]

Over the last few weeks, world models have started to feel real for the first time. You can see coherent environments, long rollouts, and increasingly convincing visuals. At the same time, most of these systems are hard to run, hard to integrate, and trade interactivity for scale.

We started Overworld because we cared less about producing impressive videos and more about building worlds you can actually inhabit. That means low latency, continuous control, and systems that respond every time you act, not once per prompt.

Last week, we released Waypoint 1, a research preview of a real-time diffusion world model that runs locally. Next week, we’re releasing Waypoint 1.1 Small, which is designed to run on modern consumer GPUs and be easy to build on and modify.

Waypoint is built from scratch rather than fine-tuned from a large video model. We optimized heavily for control frequency, sparse attention, and fast inference so the system can maintain a persistent world state and respond to input at game-level frame rates. The goal was to make something developers can integrate today, not just watch as a demo.

We think this space will move fastest once world models follow a path similar to LLMs: local execution, open tooling, and fast community-driven iteration. Genie and similar systems show what’s possible at a massive scale. Our focus has been on making that future local and accessible.

We wrote more about the “immersion gap,” why interactivity matters more than visuals alone, and how we optimized the model in a recent blog post.

Code, demos, and release details are here: https://over.world/blog/the-immersion-gap

"Tokens per request" has been a misleading cost model for us in production. The real drivers seem to be multipliers: retries/429s, tool fanout, P95 context growth, and safety passes.

What’s been the biggest cost multiplier in your prod LLM systems, and what policies worked (caps, degraded mode, fallback, hard fail)?

Hi HN,

I've been working on a programming language called G. It is designed to be memory-safe and extremely fast, with a focus on a tiny footprint.

The entire interpreter is written in D and weighs in at only 2.4MB. I built it because I wanted a modern scripting language that feels lightweight but has the safety of a high-level language.

Key Features:

     Small: The binary is ~2.4MB.
     Fast: Optimized for x86_64.
     Safe: Memory-safe execution.
     Std Lib: Includes std.echo, std.newline, etc.
     

I would love to get some feedback on the syntax or the architecture from the community!

I've got a side project I've worked on for a while and I'm happy with the engineering side, but I'm terrible at marketing. I've made a couple of reddit comments, shown friends who would benefit from my project, but what is the best way to get it out there?

I love technology. But I'm no longer optimistic about the future. It seems like AI is not going to go away, and instead of building reliable software, managers seem to push people to use AI more, as long as they ship products. Everything else is being destroyed by AI: art, music, books, personal websites. Why read a blog post, when Google AI Summary can just give you the summary? Why read a book, when you can just get AI summary of it? Why pay artists for music, when you can just generate endless amount of AI music?

And even things like "doing day to day chores" are being automated away with tools like AI assistants. The only thing you are left to do is to eat and take a sh*t throughout the day. How should people make money? No idea, as in the "prosperous future", everything is replaced by AI.

So my question HN: What's the point anymore? Why keep going and where to?

This is just one of those narratives that people latch onto because it has a nice ring to it. Or maybe it’s because it makes AI sound less threatening and perhaps even palatable. “Don’t worry. AI is going to replace only the repetitive parts of your job.” But if you spend even a minute examining this narrative, then you will realize just how preposterous it is.

Humans have already figured out how to automate repetitive physical and digital labor, and we’ve been doing it for decades and even centuries by using machines and computing. Simply put: If it’s repetitive, then you don’t need AI to automate it.

In fact, the kinds of task we want AI to automate are precisely those that AREN’T repetitive. That was the whole god damn point of AI.

How did we go from the original purpose of AI to claiming that it will do what we’ve already been doing for decades? Where do these narratives come from, and why do people fall for them?

I'm a dev with zero self-control. "One more function" turns into 3 hours.

Tried Apple Screen Time – I just click "Ignore" every time. Tried Pomodoro apps – closed them when they got annoying.

What actually works for you? Hardware timers? Standing desks? Blocking software?

I'm building a macOS tool that uses full-screen overlays with a 30s cooldown to bypass, but curious what approaches others have found effective.

I am asking this question for my personal circumstances --- not a general statement about software engineering.

I am a CompSci senior focusing on ML. My university does not have applied research in ML, so doing ML in school (classes/research) is pretty much a one-way ticket to the theory/algorithms side of academia.

Last year, I had the epiphany that I am good at (and enjoy) solving problems by connecting components in a system instead of finagling a problem into a form where we can apply some mathematical law. Specifically, I have greatly enjoyed working with artists/UI/UX/frontend/non-tech people as their back-end counterpart. I have built data pipelines for MLEs, back-end for UI/UX/frontend designers, machine learning pipeline for BME researchers and projection/imagery software for artists.

I am pretty generalist and tool-agnostic, with more breadth than depth. That feels like software engineering.

That said, I do like to have an understanding of how things work and I have a decent tolerance for reading math. This is a really nerdy thing to say but I enjoyed deriving stuff like the convergence of gradient descent and I enjoyed real analysis. I also really enjoyed Nand2Tetris (open source course teaching you to build a minimal computer from NAND gates + compiler from OOP language to binary). It's extremely elegant to me, seeing the great design choices people made in the past. I feel like these are underappreciated in software engineering.

Right now, I have an opportunity to work with my RL professor, who has an amazing track record publishing at top conferences. I am really on the fence because his research is in RL algorithms and I had a very bad experience in my last algorithm research project somewhere else (I had a vague idea of what we were doing but nowhere near enough to make contributions). I am concurrently applying to jobs and Master's and I am pretty sure I will never touch this topic again if I go into industry after graduation.

I have these two questions: 1) Do I sound like the software engineers you know? What other roles do you think I am a good fit for? 2) Should I take this opportunity simply for research exposure? Do you think this is necessary in helping me keep up with trends as an applied practitioner in ML?

P.S. This is my first time posting on HN and this seems a lot longer than the average Ask HN post. I don't know if that's appropriate. Please lmk if I should go to a subreddit instead.

Thanks in advance if you read all that!

For me, it is the shift toward thin, auto-hiding scroll bars. I see it on macOS, Linux (Mint), mobile phones and probably Windows too (though i haven't used windows in a while).

Is this a cleaner look? I have always loved visible scroll bars because they act as useful guides for where I am on a page and how much content remains and just easy to drag. Now you have to hover over it first.

I am curious what UX changes have stood out to you lately, for better or worse.. Maybe some designers reading this forum will take notes.

I’m trying to understand where “vibe coding” realistically stands today.

The project I’m currently working on is getting close to 60k lines of code, with fairly complex business logic. From what I’ve heard, at this scale only a few tools (like Claude’s desktop app) are genuinely helpful, so I haven’t experimented much with other AI coding services.

At the same time, I keep seeing posts about people building 20k lines of code and launching a SaaS in a single 40-hour weekend. That’s made me question whether I’m being overly cautious, or just operating under outdated assumptions.

I already rely on AI quite a bit, and one clear benefit is that I now understand parts of the codebase that I previously wrote without fully grasping. Still, at my current pace, it feels like I’ll need several more months of development, followed by several more months of testing, before this can become a real production service. And that testing doesn’t feel optional.

Meanwhile, products that are described as being “vibe coded” don’t seem to be getting particularly negative evaluations.

So I’m wondering how people here think about this now. Is “you don’t really understand the code, so it’ll hurt you later” still a meaningful criticism? Or are we reaching a point where the default approach to building software itself needs to change?

I’d especially appreciate perspectives from people working on larger or more complex systems.

AI doesn’t just increase productivity: it creates *over-efficiency*.

Individuals and small teams can now generate decisions, options, and initiatives faster than existing organizations were designed to legitimize, coordinate, or absorb. The bottleneck has shifted from execution to governance.

When surplus productive capacity accumulates without an absorption layer, organizations don’t gradually adapt. Historically, they freeze: tighter rules, centralization, bans, decoupling.

We saw a similar reflex during COVID: when systems couldn’t absorb shock locally, they shut down globally.

What seems under-discussed is absorption: not "how fast can we produce" but how many decisions, options, and changes an organization can metabolize without defensive closure.

Two mechanisms seem relevant but under-theorized: (1) small, local process changes that redistribute coordination and decision load; (2) continuous skill and role shifts, as people reposition around what still needs to be decided, maintained, and legitimized.

I’ve been trying to think about this as a kind of "conduction" problem, how human decision-making and legitimacy flow alongside generations, AI and people.

If you’ve seen organizations handle this well (or fail badly), I’d be curious: what actually lets systems absorb AI-driven over-efficiency without reverting to control, ranking, layoffs or shutdown?

I'm at 160wpm with my apple keyboard [0]. It's easily my favourite keyboard of all time but I'd love an ergo keyboard with chiclet keys and a built in mouse. I was looking at the cybord imprint [1] and the kinese advantage 360 [2] but the kinesis despite its infinite good reviews doesn't have a mouse and is too expensive for me although it is wireless, same with the imprint. My goal is to ziptie it to my herman miller aeron armrests so I don't have to ever move my arms, and I can swing around to look at my other monitors without craning my neck. Any out of the box solutions I can order that don't need soldering and assembly? There seem to be few.

[0] https://www.apple.com/ca/shop/product/mxk83ll/a/magic-keyboard-with-touch-id-and-numeric-keypad-for-mac-models-with-apple-silicon-usb%E2%80%91c-us-english-black-keys [1] https://cyboard.digital/products/imprint [2] https://kinesis-ergo.com/keyboards/advantage360/

Secrets management with Agents feels absent today. The agent needs API keys to call external services, but the usual patterns feel broken in this context. You see this clearly when writing Agent Skills.

Environment variables: The agent has shell access. It can run `env` or `echo $API_KEY` and access the secret, either through prompt injection or just by exploring or debugging.

.env files: Same problem. The agent can `cat .env`. The file is right there on the filesystem waiting for curious `print()` statements.

Proxy process / wrapper: You can stand up a separate process that holds the secret and proxies requests. The agent calls localhost, never sees the key. This works, but it's a lot of operational overhead. Now you're running infrastructure just to hide a string from your own tools. It also feels close to reinventing MCP.

What I've been experimenting with:

1. OS keychain with credential helper: The bundled or generated script calls out to the system keychain (macOS Keychain, Windows Credential Manager, etc.) at runtime. The agent can invoke the script, but can't directly query the keychain. Libraries like Python's `keyring` abstract over OS keychains and make it somewhat portable, but this all assumes certain runtime environments and requires user interaction via the OS.

2. Credential command escape hatch: Scripts accept a `--credential-cmd` flag that runs an arbitrary shell command to fetch the secret (`pass show`, `op read`, `vault kv get`, etc.). Flexible, but the agent could potentially inspect what command is being run and iterate to try to access it anyway.

Neither of these feel like a real solution. An agent could probe for credentials.

How are others handling secrets in agent workflows? Is anyone building agent runtimes with proper secrets isolation? Seems like something the official agent harnesses need to figure out and ship with.

Following the most recent in a long line of data breaches (AFLAC this time), I am wondering if it is worth taking advantage of their 24 month free CyEx Medical Shield.

Has anyone ever used one of these after a breach? Any compelling reason not to use it?

For the past couple of days any link I submit stays on the "Loading" spinner and never seems to make it into the queue, and it seems like HN submissions for new articles aren't getting any archive links posted.

What characteristics should a programming language have in order to make automated analysis, replication, and learning by artificial intelligence systems difficult? Any idea?

It’s always interesting to know the (side) hustles people are running that, in their opinion, provides recurring revenue that is either a good source or passive income or their main source of income.

I am looking for the best place to find startup founders who need to hire fractional roles to get them off the ground. I have 15 years of product building experience in the SaaS world, and am looking to connect with other founders.